1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Mellanox boot control driver 4 * 5 * This driver provides a sysfs interface for systems management 6 * software to manage reset-time actions. 7 * 8 * Copyright (C) 2019 Mellanox Technologies 9 */ 10 11 #include <linux/acpi.h> 12 #include <linux/arm-smccc.h> 13 #include <linux/delay.h> 14 #include <linux/module.h> 15 #include <linux/platform_device.h> 16 17 #include "mlxbf-bootctl.h" 18 19 #define MLXBF_BOOTCTL_SB_SECURE_MASK 0x03 20 #define MLXBF_BOOTCTL_SB_TEST_MASK 0x0c 21 22 #define MLXBF_SB_KEY_NUM 4 23 24 /* UUID used to probe ATF service. */ 25 static const char *mlxbf_bootctl_svc_uuid_str = 26 "89c036b4-e7d7-11e6-8797-001aca00bfc4"; 27 28 struct mlxbf_bootctl_name { 29 u32 value; 30 const char *name; 31 }; 32 33 static struct mlxbf_bootctl_name boot_names[] = { 34 { MLXBF_BOOTCTL_EXTERNAL, "external" }, 35 { MLXBF_BOOTCTL_EMMC, "emmc" }, 36 { MLNX_BOOTCTL_SWAP_EMMC, "swap_emmc" }, 37 { MLXBF_BOOTCTL_EMMC_LEGACY, "emmc_legacy" }, 38 { MLXBF_BOOTCTL_NONE, "none" }, 39 }; 40 41 static const char * const mlxbf_bootctl_lifecycle_states[] = { 42 [0] = "Production", 43 [1] = "GA Secured", 44 [2] = "GA Non-Secured", 45 [3] = "RMA", 46 }; 47 48 /* Mapped pointer for RSH_BOOT_FIFO_DATA and RSH_BOOT_FIFO_COUNT register. */ 49 static void __iomem *mlxbf_rsh_boot_data; 50 static void __iomem *mlxbf_rsh_boot_cnt; 51 52 /* ARM SMC call which is atomic and no need for lock. */ 53 static int mlxbf_bootctl_smc(unsigned int smc_op, int smc_arg) 54 { 55 struct arm_smccc_res res; 56 57 arm_smccc_smc(smc_op, smc_arg, 0, 0, 0, 0, 0, 0, &res); 58 59 return res.a0; 60 } 61 62 /* Return the action in integer or an error code. */ 63 static int mlxbf_bootctl_reset_action_to_val(const char *action) 64 { 65 int i; 66 67 for (i = 0; i < ARRAY_SIZE(boot_names); i++) 68 if (sysfs_streq(boot_names[i].name, action)) 69 return boot_names[i].value; 70 71 return -EINVAL; 72 } 73 74 /* Return the action in string. */ 75 static const char *mlxbf_bootctl_action_to_string(int action) 76 { 77 int i; 78 79 for (i = 0; i < ARRAY_SIZE(boot_names); i++) 80 if (boot_names[i].value == action) 81 return boot_names[i].name; 82 83 return "invalid action"; 84 } 85 86 static ssize_t post_reset_wdog_show(struct device *dev, 87 struct device_attribute *attr, char *buf) 88 { 89 int ret; 90 91 ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_POST_RESET_WDOG, 0); 92 if (ret < 0) 93 return ret; 94 95 return sprintf(buf, "%d\n", ret); 96 } 97 98 static ssize_t post_reset_wdog_store(struct device *dev, 99 struct device_attribute *attr, 100 const char *buf, size_t count) 101 { 102 unsigned long value; 103 int ret; 104 105 ret = kstrtoul(buf, 10, &value); 106 if (ret) 107 return ret; 108 109 ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_SET_POST_RESET_WDOG, value); 110 if (ret < 0) 111 return ret; 112 113 return count; 114 } 115 116 static ssize_t mlxbf_bootctl_show(int smc_op, char *buf) 117 { 118 int action; 119 120 action = mlxbf_bootctl_smc(smc_op, 0); 121 if (action < 0) 122 return action; 123 124 return sprintf(buf, "%s\n", mlxbf_bootctl_action_to_string(action)); 125 } 126 127 static int mlxbf_bootctl_store(int smc_op, const char *buf, size_t count) 128 { 129 int ret, action; 130 131 action = mlxbf_bootctl_reset_action_to_val(buf); 132 if (action < 0) 133 return action; 134 135 ret = mlxbf_bootctl_smc(smc_op, action); 136 if (ret < 0) 137 return ret; 138 139 return count; 140 } 141 142 static ssize_t reset_action_show(struct device *dev, 143 struct device_attribute *attr, char *buf) 144 { 145 return mlxbf_bootctl_show(MLXBF_BOOTCTL_GET_RESET_ACTION, buf); 146 } 147 148 static ssize_t reset_action_store(struct device *dev, 149 struct device_attribute *attr, 150 const char *buf, size_t count) 151 { 152 return mlxbf_bootctl_store(MLXBF_BOOTCTL_SET_RESET_ACTION, buf, count); 153 } 154 155 static ssize_t second_reset_action_show(struct device *dev, 156 struct device_attribute *attr, 157 char *buf) 158 { 159 return mlxbf_bootctl_show(MLXBF_BOOTCTL_GET_SECOND_RESET_ACTION, buf); 160 } 161 162 static ssize_t second_reset_action_store(struct device *dev, 163 struct device_attribute *attr, 164 const char *buf, size_t count) 165 { 166 return mlxbf_bootctl_store(MLXBF_BOOTCTL_SET_SECOND_RESET_ACTION, buf, 167 count); 168 } 169 170 static ssize_t lifecycle_state_show(struct device *dev, 171 struct device_attribute *attr, char *buf) 172 { 173 int lc_state; 174 175 lc_state = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_TBB_FUSE_STATUS, 176 MLXBF_BOOTCTL_FUSE_STATUS_LIFECYCLE); 177 if (lc_state < 0) 178 return lc_state; 179 180 lc_state &= 181 MLXBF_BOOTCTL_SB_TEST_MASK | MLXBF_BOOTCTL_SB_SECURE_MASK; 182 183 /* 184 * If the test bits are set, we specify that the current state may be 185 * due to using the test bits. 186 */ 187 if (lc_state & MLXBF_BOOTCTL_SB_TEST_MASK) { 188 lc_state &= MLXBF_BOOTCTL_SB_SECURE_MASK; 189 190 return sprintf(buf, "%s(test)\n", 191 mlxbf_bootctl_lifecycle_states[lc_state]); 192 } 193 194 return sprintf(buf, "%s\n", mlxbf_bootctl_lifecycle_states[lc_state]); 195 } 196 197 static ssize_t secure_boot_fuse_state_show(struct device *dev, 198 struct device_attribute *attr, 199 char *buf) 200 { 201 int burnt, valid, key, key_state, buf_len = 0, upper_key_used = 0; 202 const char *status; 203 204 key_state = mlxbf_bootctl_smc(MLXBF_BOOTCTL_GET_TBB_FUSE_STATUS, 205 MLXBF_BOOTCTL_FUSE_STATUS_KEYS); 206 if (key_state < 0) 207 return key_state; 208 209 /* 210 * key_state contains the bits for 4 Key versions, loaded from eFuses 211 * after a hard reset. Lower 4 bits are a thermometer code indicating 212 * key programming has started for key n (0000 = none, 0001 = version 0, 213 * 0011 = version 1, 0111 = version 2, 1111 = version 3). Upper 4 bits 214 * are a thermometer code indicating key programming has completed for 215 * key n (same encodings as the start bits). This allows for detection 216 * of an interruption in the programming process which has left the key 217 * partially programmed (and thus invalid). The process is to burn the 218 * eFuse for the new key start bit, burn the key eFuses, then burn the 219 * eFuse for the new key complete bit. 220 * 221 * For example 0000_0000: no key valid, 0001_0001: key version 0 valid, 222 * 0011_0011: key 1 version valid, 0011_0111: key version 2 started 223 * programming but did not complete, etc. The most recent key for which 224 * both start and complete bit is set is loaded. On soft reset, this 225 * register is not modified. 226 */ 227 for (key = MLXBF_SB_KEY_NUM - 1; key >= 0; key--) { 228 burnt = key_state & BIT(key); 229 valid = key_state & BIT(key + MLXBF_SB_KEY_NUM); 230 231 if (burnt && valid) 232 upper_key_used = 1; 233 234 if (upper_key_used) { 235 if (burnt) 236 status = valid ? "Used" : "Wasted"; 237 else 238 status = valid ? "Invalid" : "Skipped"; 239 } else { 240 if (burnt) 241 status = valid ? "InUse" : "Incomplete"; 242 else 243 status = valid ? "Invalid" : "Free"; 244 } 245 buf_len += sprintf(buf + buf_len, "%d:%s ", key, status); 246 } 247 buf_len += sprintf(buf + buf_len, "\n"); 248 249 return buf_len; 250 } 251 252 static ssize_t fw_reset_store(struct device *dev, 253 struct device_attribute *attr, 254 const char *buf, size_t count) 255 { 256 unsigned long key; 257 int err; 258 259 err = kstrtoul(buf, 16, &key); 260 if (err) 261 return err; 262 263 if (mlxbf_bootctl_smc(MLXBF_BOOTCTL_FW_RESET, key) < 0) 264 return -EINVAL; 265 266 return count; 267 } 268 269 static DEVICE_ATTR_RW(post_reset_wdog); 270 static DEVICE_ATTR_RW(reset_action); 271 static DEVICE_ATTR_RW(second_reset_action); 272 static DEVICE_ATTR_RO(lifecycle_state); 273 static DEVICE_ATTR_RO(secure_boot_fuse_state); 274 static DEVICE_ATTR_WO(fw_reset); 275 276 static struct attribute *mlxbf_bootctl_attrs[] = { 277 &dev_attr_post_reset_wdog.attr, 278 &dev_attr_reset_action.attr, 279 &dev_attr_second_reset_action.attr, 280 &dev_attr_lifecycle_state.attr, 281 &dev_attr_secure_boot_fuse_state.attr, 282 &dev_attr_fw_reset.attr, 283 NULL 284 }; 285 286 ATTRIBUTE_GROUPS(mlxbf_bootctl); 287 288 static const struct acpi_device_id mlxbf_bootctl_acpi_ids[] = { 289 {"MLNXBF04", 0}, 290 {} 291 }; 292 293 MODULE_DEVICE_TABLE(acpi, mlxbf_bootctl_acpi_ids); 294 295 static ssize_t mlxbf_bootctl_bootfifo_read(struct file *filp, 296 struct kobject *kobj, 297 struct bin_attribute *bin_attr, 298 char *buf, loff_t pos, 299 size_t count) 300 { 301 unsigned long timeout = msecs_to_jiffies(500); 302 unsigned long expire = jiffies + timeout; 303 u64 data, cnt = 0; 304 char *p = buf; 305 306 while (count >= sizeof(data)) { 307 /* Give up reading if no more data within 500ms. */ 308 if (!cnt) { 309 cnt = readq(mlxbf_rsh_boot_cnt); 310 if (!cnt) { 311 if (time_after(jiffies, expire)) 312 break; 313 usleep_range(10, 50); 314 continue; 315 } 316 } 317 318 data = readq(mlxbf_rsh_boot_data); 319 memcpy(p, &data, sizeof(data)); 320 count -= sizeof(data); 321 p += sizeof(data); 322 cnt--; 323 expire = jiffies + timeout; 324 } 325 326 return p - buf; 327 } 328 329 static struct bin_attribute mlxbf_bootctl_bootfifo_sysfs_attr = { 330 .attr = { .name = "bootfifo", .mode = 0400 }, 331 .read = mlxbf_bootctl_bootfifo_read, 332 }; 333 334 static bool mlxbf_bootctl_guid_match(const guid_t *guid, 335 const struct arm_smccc_res *res) 336 { 337 guid_t id = GUID_INIT(res->a0, res->a1, res->a1 >> 16, 338 res->a2, res->a2 >> 8, res->a2 >> 16, 339 res->a2 >> 24, res->a3, res->a3 >> 8, 340 res->a3 >> 16, res->a3 >> 24); 341 342 return guid_equal(guid, &id); 343 } 344 345 static int mlxbf_bootctl_probe(struct platform_device *pdev) 346 { 347 struct arm_smccc_res res = { 0 }; 348 guid_t guid; 349 int ret; 350 351 /* Get the resource of the bootfifo data register. */ 352 mlxbf_rsh_boot_data = devm_platform_ioremap_resource(pdev, 0); 353 if (IS_ERR(mlxbf_rsh_boot_data)) 354 return PTR_ERR(mlxbf_rsh_boot_data); 355 356 /* Get the resource of the bootfifo counter register. */ 357 mlxbf_rsh_boot_cnt = devm_platform_ioremap_resource(pdev, 1); 358 if (IS_ERR(mlxbf_rsh_boot_cnt)) 359 return PTR_ERR(mlxbf_rsh_boot_cnt); 360 361 /* Ensure we have the UUID we expect for this service. */ 362 arm_smccc_smc(MLXBF_BOOTCTL_SIP_SVC_UID, 0, 0, 0, 0, 0, 0, 0, &res); 363 guid_parse(mlxbf_bootctl_svc_uuid_str, &guid); 364 if (!mlxbf_bootctl_guid_match(&guid, &res)) 365 return -ENODEV; 366 367 /* 368 * When watchdog is used, it sets boot mode to MLXBF_BOOTCTL_SWAP_EMMC 369 * in case of boot failures. However it doesn't clear the state if there 370 * is no failure. Restore the default boot mode here to avoid any 371 * unnecessary boot partition swapping. 372 */ 373 ret = mlxbf_bootctl_smc(MLXBF_BOOTCTL_SET_RESET_ACTION, 374 MLXBF_BOOTCTL_EMMC); 375 if (ret < 0) 376 dev_warn(&pdev->dev, "Unable to reset the EMMC boot mode\n"); 377 378 ret = sysfs_create_bin_file(&pdev->dev.kobj, 379 &mlxbf_bootctl_bootfifo_sysfs_attr); 380 if (ret) 381 pr_err("Unable to create bootfifo sysfs file, error %d\n", ret); 382 383 return ret; 384 } 385 386 static int mlxbf_bootctl_remove(struct platform_device *pdev) 387 { 388 sysfs_remove_bin_file(&pdev->dev.kobj, 389 &mlxbf_bootctl_bootfifo_sysfs_attr); 390 391 return 0; 392 } 393 394 static struct platform_driver mlxbf_bootctl_driver = { 395 .probe = mlxbf_bootctl_probe, 396 .remove = mlxbf_bootctl_remove, 397 .driver = { 398 .name = "mlxbf-bootctl", 399 .dev_groups = mlxbf_bootctl_groups, 400 .acpi_match_table = mlxbf_bootctl_acpi_ids, 401 } 402 }; 403 404 module_platform_driver(mlxbf_bootctl_driver); 405 406 MODULE_DESCRIPTION("Mellanox boot control driver"); 407 MODULE_LICENSE("GPL v2"); 408 MODULE_AUTHOR("Mellanox Technologies"); 409